ADFSDecoder() : m_ns(WSTRUST_NS) {}
virtual ~ADFSDecoder() {}
+ const XMLCh* getProtocolFamily() const {
+ return m_ns.get();
+ }
+
XMLObject* decode(string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy) const;
protected:
pair<bool,long> unwrap(SPRequest& request, DDF& out) const;
pair<bool,long> run(SPRequest& request, string& entityID, bool isHandler=true) const;
+ const XMLCh* getProtocolFamily() const {
+ return m_binding.get();
+ }
+
private:
pair<bool,long> doRequest(
const Application& application,
class SHIBSP_DLLLOCAL ADFSConsumer : public shibsp::AssertionConsumerService
{
+ auto_ptr_XMLCh m_protocol;
public:
ADFSConsumer(const DOMElement* e, const char* appId)
- : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS"))
-#ifndef SHIBSP_LITE
- ,m_protocol(WSFED_NS)
-#endif
- {}
+ : shibsp::AssertionConsumerService(e, appId, Category::getInstance(SHIBSP_LOGCAT".SSO.ADFS")), m_protocol(WSFED_NS) {}
virtual ~ADFSConsumer() {}
#ifndef SHIBSP_LITE
role.addSupport(m_protocol.get());
}
- auto_ptr_XMLCh m_protocol;
-
private:
void implementProtocol(
const Application& application,
const PropertySet*,
const XMLObject& xmlObject
) const;
+#else
+ const XMLCh* getProtocolFamily() const {
+ return m_protocol.get();
+ }
#endif
};
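Review bot: The `#else` override makes `ADFSConsumer` report `m_protocol` (built from WSFED_NS) only in lite builds; in a full build the call falls through to `AssertionConsumerService::getProtocolFamily()`, which returns the decoder's value, and `ADFSDecoder` returns `m_ns`, built from WSTRUST_NS. If the consumer's decoder is an `ADFSDecoder` (not visible here), the two builds disagree on the family. The new `ep->setBinding(m_login.getProtocolFamily())` would then publish a different Binding than the `m_login.m_protocol.get()` it replaces, and the session initiator's `XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())` check would compare against that changed value. Moving the override outside the `#ifndef SHIBSP_LITE` / `#else` pair, so `return m_protocol.get();` applies in both builds, would keep the identifier stable. The class body starts outside this hunk.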
return "LogoutInitiator";
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return m_binding.get();
+ }
private:
pair<bool,long> doRequest(const Application& application, const HTTPRequest& httpRequest, HTTPResponse& httpResponse, Session* session) const;
auto_ptr_XMLCh widen(hurl.c_str());
SingleLogoutService* ep = SingleLogoutServiceBuilder::buildSingleLogoutService();
ep->setLocation(widen.get());
- ep->setBinding(m_login.m_protocol.get());
+ ep->setBinding(m_login.getProtocolFamily());
role.getSingleLogoutServices().push_back(ep);
}
return m_login.getType();
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return m_login.getProtocolFamily();
+ }
private:
ADFSConsumer m_login;
}
// Validate the ACS for use with this protocol.
- pair<bool,const XMLCh*> ACSbinding = ACS->getXMLString("Binding");
- if (ACSbinding.first) {
- if (!XMLString::equals(ACSbinding.second, m_binding.get())) {
- m_log.error("configured or requested ACS has non-ADFS binding");
- throw ConfigurationException("Configured or requested ACS has non-ADFS binding ($1).", params(1, ACSbinding.second));
- }
+ if (!XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {
+ m_log.error("configured or requested ACS has non-ADFS binding");
+ throw ConfigurationException("Configured or requested ACS has non-ADFS binding ($1).", params(1, ACS->getString("Binding").second));
}
// Since we're not passing by index, we need to fully compute the return URL.
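Review bot: The new throw passes `ACS->getString("Binding").second` to `params()` without checking `.first`, so the message argument may be a null pointer. The removed code only reached the throw when a Binding property was present, but the new check also fails when the ACS has no Binding or when its `getProtocolFamily()` returns nullptr, as the base `Handler` does. Fetching the pair first and passing `ACSbinding.first ? ACSbinding.second : "(none)"` would keep the error path safe. The same pattern appears in the SAML 2.0, SAML 1.x and `samlconstants::SAML11_PROTOCOL_ENUM` variants of this check later in the commit. The enclosing function starts and ends outside the hunk.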
public:
const char* getType() const;
-
+ const XMLCh* getProtocolFamily() const;
#endif
private:
std::pair<bool,long> processMessage(
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
virtual ~Handler();
/**
+ * Returns an identifier for the protocol family associated with the handler, if any.
+ *
+ * @return a protocol identifier, or nullptr
+ */
+ virtual const XMLCh* getProtocolFamily() const;
+
+ /**
* Executes handler functionality as an incoming request.
*
* <p>Handlers can be run either directly by incoming web requests
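Review bot: The new doc comment does not say who owns the returned string or how callers interpret nullptr, and both matter for the checks this commit adds. Several overrides return `m_ns.get()` or `m_binding.get()`, so the pointer is only valid while the handler lives. The ACS and encoder checks use `XMLString::equals(...)`, so a handler that keeps the nullptr default is rejected as a mismatch. I would add to the comment: `The returned string is owned by the handler and must not be freed; a nullptr result never matches a session initiator's protocol family.`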
{
}
+const XMLCh* Handler::getProtocolFamily() const
+{
+ return nullptr;
+}
+
void Handler::log(SPRequest::SPLogLevel level, const string& msg) const
{
Category::getInstance(SHIBSP_LOGCAT".Handler").log(
#ifndef SHIBSP_LITE
+const XMLCh* AssertionConsumerService::getProtocolFamily() const
+{
+ return m_decoder ? m_decoder->getProtocolFamily() : nullptr;
+}
+
const char* AssertionConsumerService::getType() const
{
return "AssertionConsumerService";
bool m_post;
SecurityPolicyRule* m_ssoRule;
+#else
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML11_PROTOCOL_ENUM;
+ }
#endif
};
using namespace opensaml::saml2p;
using namespace opensaml::saml2;
using namespace opensaml;
-using namespace samlconstants;
+#else
+# include "lite/SAMLConstants.h"
#endif
#include <xmltooling/soap/SOAP.h>
role.getArtifactResolutionServices().push_back(ep);
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
private:
pair<bool,long> processMessage(const Application& application, HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
# ifndef min
# define min(a,b) (((a) < (b)) ? (a) : (b))
# endif
+#else
+# include "lite/SAMLConstants.h"
#endif
using namespace shibsp;
) const;
SecurityPolicyRule* m_ssoRule;
+#else
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
#endif
};
using namespace opensaml::saml2p;
using namespace opensaml::saml2md;
using namespace opensaml;
+#else
+# include "lite/SAMLConstants.h"
#endif
using namespace shibsp;
return "SingleLogoutService";
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
private:
pair<bool,long> doRequest(const Application& application, const HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
MessageEncoder * encoder = conf.MessageEncoderManager.newPlugin(
b.get(), pair<const DOMElement*,const XMLCh*>(e,shibspconstants::SHIB2SPCONFIG_NS)
);
- if (encoder->isUserAgentPresent()) {
+ if (encoder->isUserAgentPresent() && XMLString::equals(getProtocolFamily(), encoder->getProtocolFamily())) {
m_encoders[start] = encoder;
m_log.debug("supporting outgoing binding (%s)", b.get());
}
else {
delete encoder;
- m_log.warn("skipping outgoing binding (%s), not a front-channel mechanism", b.get());
+ m_log.warn("skipping outgoing binding (%s), not a SAML 2.0 front-channel mechanism", b.get());
}
}
catch (exception& ex) {
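Review bot: The `else` branch now covers two different rejections, a back-channel encoder and a protocol-family mismatch, but logs a single message, so an operator cannot tell which one dropped the binding. An encoder plugin whose `getProtocolFamily()` returns nullptr would be skipped the same way, with only this warning as evidence. Testing `isUserAgentPresent()` first and logging the family mismatch separately, for example `m_log.warn("skipping outgoing binding (%s), encoder is not in the SAML 2.0 protocol family", b.get());`, would make the filter easier to diagnose. The same condition and message are added in the three other encoder-loading hunks of this commit. The enclosing try block starts and ends outside this hunk.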
return "LogoutInitiator";
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
private:
pair<bool,long> doRequest(
auto_ptr_char b(start);
MessageEncoder * encoder =
SAMLConfig::getConfig().MessageEncoderManager.newPlugin(b.get(),pair<const DOMElement*,const XMLCh*>(e,nullptr));
- if (encoder->isUserAgentPresent()) {
+ if (encoder->isUserAgentPresent() && XMLString::equals(getProtocolFamily(), encoder->getProtocolFamily())) {
m_encoders[start] = encoder;
m_log.debug("supporting outgoing binding (%s)", b.get());
}
else {
delete encoder;
- m_log.warn("skipping outgoing binding (%s), not a front-channel mechanism", b.get());
+ m_log.warn("skipping outgoing binding (%s), not a SAML 2.0 front-channel mechanism", b.get());
}
}
catch (exception& ex) {
using namespace opensaml::saml2p;
using namespace opensaml::saml2md;
using namespace opensaml;
+#else
+# include "lite/SAMLConstants.h"
#endif
using namespace shibsp;
return "ManageNameIDService";
}
#endif
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
private:
pair<bool,long> doRequest(const Application& application, const HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
MessageEncoder * encoder = conf.MessageEncoderManager.newPlugin(
b.get(), pair<const DOMElement*,const XMLCh*>(e,shibspconstants::SHIB2SPCONFIG_NS)
);
- if (encoder->isUserAgentPresent()) {
+ if (encoder->isUserAgentPresent() && XMLString::equals(getProtocolFamily(), encoder->getProtocolFamily())) {
m_encoders[start] = encoder;
m_log.debug("supporting outgoing binding (%s)", b.get());
}
else {
delete encoder;
- m_log.warn("skipping outgoing binding (%s), not a front-channel mechanism", b.get());
+ m_log.warn("skipping outgoing binding (%s), not a SAML 2.0 front-channel mechanism", b.get());
}
}
catch (exception& ex) {
pair<bool,long> unwrap(SPRequest& request, DDF& out) const;
pair<bool,long> run(SPRequest& request, string& entityID, bool isHandler=true) const;
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML20P_NS;
+ }
+
private:
pair<bool,long> doRequest(
const Application& application,
MessageEncoder * encoder = SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
b.get(),pair<const DOMElement*,const XMLCh*>(e,nullptr)
);
- if (encoder->isUserAgentPresent()) {
+ if (encoder->isUserAgentPresent() && XMLString::equals(getProtocolFamily(), encoder->getProtocolFamily())) {
m_encoders[start] = encoder;
m_log.debug("supporting outgoing binding (%s)", b.get());
}
else {
delete encoder;
- m_log.warn("skipping outgoing binding (%s), not a front-channel mechanism", b.get());
+ m_log.warn("skipping outgoing binding (%s), not a SAML 2.0 front-channel mechanism", b.get());
}
}
catch (exception& ex) {
}
// Validate the ACS for use with this protocol.
- if (!ECP) {
- pair<bool,const char*> ACSbinding = ACS ? ACS->getString("Binding") : pair<bool,const char*>(false,nullptr);
- if (ACSbinding.first) {
- pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
- if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == nullptr) {
- m_log.error("configured or requested ACS has non-SAML 2.0 binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 2.0 binding ($1).", params(1, ACSbinding.second));
- }
- else if (strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_POST) &&
- strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_ARTIFACT) &&
- strcmp(ACSbinding.second, samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN)) {
- m_log.error("configured or requested ACS has non-SAML 2.0 binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 2.0 binding ($1).", params(1, ACSbinding.second));
- }
- }
+ if (!ECP && ACS && !XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {
+ m_log.error("configured or requested ACS has non-SAML 2.0 binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 2.0 binding ($1).", params(1, ACS->getString("Binding").second));
}
// To invoke the request builder, the key requirement is to figure out how
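Review bot: The `compatibleBindings` property is no longer read, which silently widens what a configured deployment accepts. In the removed code a configured `compatibleBindings` value that did not contain the ACS binding caused a `ConfigurationException`, so it acted as an extra restriction. After this change any ACS whose `getProtocolFamily()` matches is accepted, and an existing setting has no effect. If that is intended, the property should be marked as deprecated in the documentation and a warning logged when it is present, for example `if (getString("compatibleBindings").first) m_log.warn("compatibleBindings is no longer honored");`. The two SAML 1.x validation hunks drop the same lookup.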
pair<bool,long> unwrap(SPRequest& request, DDF& out) const;
pair<bool,long> run(SPRequest& request, string& entityID, bool isHandler=true) const;
+ const XMLCh* getProtocolFamily() const {
+ return samlconstants::SAML11_PROTOCOL_ENUM;
+ }
+
private:
pair<bool,long> doRequest(
const Application& application,
}
// Validate the ACS for use with this protocol.
- pair<bool,const char*> ACSbinding = ACS ? ACS->getString("Binding") : pair<bool,const char*>(false,nullptr);
- if (ACSbinding.first) {
- pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
- if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == nullptr) {
- m_log.error("configured or requested ACS has non-SAML 1.x binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
- }
- else if (strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_POST) &&
- strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT)) {
- m_log.error("configured or requested ACS has non-SAML 1.x binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
- }
+ if (ACS && !XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACS->getString("Binding").second));
}
// Compute the ACS URL. We add the ACS location to the base handlerURL.
}
// Validate the ACS for use with this protocol.
- pair<bool,const char*> ACSbinding = ACS ? ACS->getString("Binding") : pair<bool,const char*>(false,nullptr);
- if (ACSbinding.first) {
- pair<bool,const char*> compatibleBindings = getString("compatibleBindings");
- if (compatibleBindings.first && strstr(compatibleBindings.second, ACSbinding.second) == nullptr) {
- m_log.error("configured or requested ACS has non-SAML 1.x binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
- }
- else if (strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_POST) &&
- strcmp(ACSbinding.second, samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT)) {
- m_log.error("configured or requested ACS has non-SAML 1.x binding");
- throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACSbinding.second));
- }
+ if (ACS && !XMLString::equals(samlconstants::SAML11_PROTOCOL_ENUM, ACS->getProtocolFamily())) {
+ m_log.error("configured or requested ACS has non-SAML 1.x binding");
+ throw ConfigurationException("Configured or requested ACS has non-SAML 1.x binding ($1).", params(1, ACS->getString("Binding").second));
}
if (!discoveryURL.first)
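Review bot: This check hard-codes `samlconstants::SAML11_PROTOCOL_ENUM`, while the sibling initiators compare `getProtocolFamily()` against `ACS->getProtocolFamily()`. No `getProtocolFamily()` override for this class is visible in the commit, so it presumably reports the base `Handler` default of nullptr while enforcing SAML 1.x internally. Adding the same inline override used by the other SAML 1.x initiator and writing the condition as `if (ACS && !XMLString::equals(getProtocolFamily(), ACS->getProtocolFamily())) {` would keep the reported and enforced families from drifting apart. The enclosing function starts and ends outside the hunk.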
<ClInclude Include="AbstractSPRequest.h" />\r
<ClInclude Include="AccessControl.h" />\r
<ClInclude Include="Application.h" />\r
- <ClInclude Include="ApplicationAwarePlugin.h" />\r
<ClInclude Include="base.h" />\r
<ClInclude Include="exceptions.h" />\r
<ClInclude Include="internal.h" />\r
<ClInclude Include="Application.h">\r
<Filter>Header Files</Filter>\r
</ClInclude>\r
- <ClInclude Include="ApplicationAwarePlugin.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
<ClInclude Include="base.h">\r
<Filter>Header Files</Filter>\r
</ClInclude>\r